Research

21.01.10 Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability

BugSec Group's online fraud research team, Versafe, found and reported a critical vulnerability in Internet Explorer in August 2009.
The vulnerability was reported to Microsoft and fixed in the out-of-band security update released on Jan. 21, 2010 (MS10-002).

Background:
This vulnerability was used in the attacks against Google's accounts. Versafe reported it on Wednesday, August 26, 2009 at 2:54 PM (GMT +2:00).
Microsoft's recommended mitigation before the patch was to disable Active Scripting (for example by setting the Internet zone security level to High).
A working exploit is in the wild.

Vulnerable:
Microsoft Internet Explorer 8
Microsoft Internet Explorer 7.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0

Technology Background:
When an event fires, an event object containing the event details is passed to the event handler.
One of this object's properties is 'srcElement', which points to the element that dispatched the event.
The problem occurs in the following situation:
1. An event is fired on a page element ('input', 'img', etc.).
2. The event handler copies the event object (in IE this can be done with document.createEventObject) and stores the copy in a global variable.
3. After the handler returns, the element that dispatched the event (the 'input', 'img', etc.) is removed from the document and its memory is freed; the saved copy still holds a pointer to it.
4. Accessing the 'srcElement' of the saved copy dereferences freed memory. A crash is the benign outcome; an attacker who refills the freed memory with controlled data (heap spraying) can turn the dangling reference into code execution, which is how the in-the-wild exploit works.
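The four steps above, modelled in C as an added example (this is not Internet Explorer's code, and the names element_t, event_t and the fixed-slot pool are assumptions made for the illustration): the copied event object keeps a raw pointer to its source element, the element is freed when the tree drops it, and an attacker allocation refills the hole before 'srcElement' is read. The hardened version differs in one line: the copy takes its own reference, so the element outlives its removal from the tree.

```c
/* Model of the dangling-pointer pattern behind the IE bug (added example, not
 * IE's code): an event object copies a raw pointer to its source element.  When the
 * element is removed from the tree and freed, the copy keeps pointing at the freed
 * slot, which an attacker can refill with controlled bytes before 'srcElement' is
 * touched again.  The hardened version makes the copy own a reference. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ELEMENT_MAGIC 0x454C454Du   /* "ELEM": marks a live element */
#define POOL_SLOTS    4
#define SLOT_SIZE     64

typedef struct {
    uint32_t magic;
    int      refcount;          /* references held by the tree and by event objects */
    char     tag[16];
} element_t;

/* Event object as seen by script: holds the source element (IE: 'srcElement'). */
typedef struct { element_t *src_element; } event_t;

/* Tiny fixed-slot allocator (assumed for the model).  It is our own static storage,
 * so reading a freed slot is deterministic here; on a real heap it is undefined
 * behaviour, which is exactly what makes the bug exploitable. */
typedef union { element_t elem; unsigned char raw[SLOT_SIZE]; } slot_t;
static slot_t pool[POOL_SLOTS];
static int    pool_used[POOL_SLOTS];

static void pool_reset(void) { memset(pool_used, 0, sizeof pool_used); memset(pool, 0, sizeof pool); }
static slot_t *pool_alloc(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!pool_used[i]) { pool_used[i] = 1; return &pool[i]; }
    return NULL;
}
static void pool_free(slot_t *s) {
    pool_used[s - pool] = 0;
    memset(s->raw, 0, SLOT_SIZE);        /* freed: contents no longer belong to the element */
}

static element_t *element_create(const char *tag) {
    slot_t *s = pool_alloc();
    s->elem.magic = ELEMENT_MAGIC;
    s->elem.refcount = 1;               /* the document tree's reference */
    strncpy(s->elem.tag, tag, sizeof s->elem.tag - 1);
    return &s->elem;
}
static void element_addref(element_t *e)  { e->refcount++; }
static void element_release(element_t *e) { if (--e->refcount == 0) pool_free((slot_t *)e); }

/* Attacker step: after the element is freed, allocate into the hole and fill it with
 * controlled bytes (the role a heap spray plays on a real heap). */
static void attacker_reclaim(void) {
    slot_t *s = pool_alloc();
    memset(s->raw, 0x0c, SLOT_SIZE);
}

/* Steps 1-4 from the text with the copied event holding a raw pointer.  Returns the
 * 'magic' word read through srcElement after the element was deleted. */
static uint32_t vulnerable_flow(void) {
    pool_reset();
    element_t *img = element_create("img");           /* 1. element that fires the event */
    event_t saved = { .src_element = img };           /* 2. event copied to a global, no AddRef */
    element_release(img);                             /* 3. element removed from the tree: freed */
    attacker_reclaim();                               /*    freed slot refilled with 0x0c bytes */
    return saved.src_element->magic;                  /* 4. srcElement now reads attacker data */
}

/* Same steps, but the copy owns a reference, so the element outlives its removal. */
static uint32_t hardened_flow(char *tag_out, size_t tag_len) {
    pool_reset();
    element_t *img = element_create("img");
    event_t saved = { .src_element = img };
    element_addref(saved.src_element);                /* the copy takes its own reference */
    element_release(img);                             /* tree's reference dropped; refcount is 1 */
    attacker_reclaim();                               /* lands in a different slot */
    uint32_t magic = saved.src_element->magic;        /* still ELEMENT_MAGIC */
    strncpy(tag_out, saved.src_element->tag, tag_len - 1);
    tag_out[tag_len - 1] = '\0';
    element_release(saved.src_element);               /* last reference: freed now, safely */
    return magic;
}

int main(void) {
    char tag[16];
    printf("vulnerable: srcElement->magic = 0x%08x (live value is 0x%08x)\n",
           vulnerable_flow(), ELEMENT_MAGIC);
    printf("hardened:   srcElement->magic = 0x%08x, tag = %s\n",
           hardened_flow(tag, sizeof tag), tag);
    return 0;
}
```

In the vulnerable flow the dangling 'srcElement' reads back 0x0c0c0c0c, the attacker's fill, rather than the element's header; a real exploit arranges for those bytes to be a fake object whose method pointers it controls. The fix is not in the script-facing API but in object ownership: any copy of the event object must hold a counted reference to the element it points at.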